/*
 *
 *  *  Copyright (c), utrix (idea110@163.com).
 *  *  <p>
 *  *  Licensed under the GNU Lesser General Public License 3.0 (the "License");
 *  *  you may not use this file except in compliance with the License.
 *  *  You may obtain a copy of the License at
 *  *  <p>
 *  * https://www.gnu.org/licenses/lgpl.html
 *  *  <p>
 *  * Unless required by applicable law or agreed to in writing, software
 *  * distributed under the License is distributed on an "AS IS" BASIS,
 *  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  * See the License for the specific language governing permissions and
 *  * limitations under the License.
 *
 */

package priv.utrix.micro.config;

import lombok.RequiredArgsConstructor;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.web.header.HeaderWriterFilter;
import priv.utrix.micro.constant.AuthConstants;
import priv.utrix.micro.filter.AuthorizeFilter;

/**
 * oauth2.0资源服务配置类
 *
 * @author utrix
 * @since 2020/9/29 13:50
 */
@Configuration
@EnableResourceServer
@RequiredArgsConstructor
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    final TokenStore tokenStore;
    final AuthorizeFilter authorizeFilter;
    final WhiteListConfig whiteListConfig;

    /**
     * 通过的范围，el表达式
     */
    private static final String ACCESS_SCOPE = "#oauth2.hasScope('all')";

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        resources.resourceId(AuthConstants.CLIENT_RESOURCE_BASIS).tokenStore(tokenStore).stateless(true);
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.addFilterAfter(authorizeFilter,  HeaderWriterFilter.class).csrf().disable()
                .authorizeRequests().antMatchers(whiteListConfig.getUrls()).permitAll().anyRequest().access(ACCESS_SCOPE)
                .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }
}
